Introduction

The vulnerabilities that could allow remote code execution if an attacker sends a specially crafted URL request that contains international characters to a Microsoft .NET web application.

The vulnerabilities that could allow elevation of privilege by improving how Microsoft .NET Framework communicates with the ClickOnce installer process.

A security feature bypass vulnerability that could let an attacker bypass the Address Space Layout Randomization (ASLR) security feature. An attacker could use this ASLR bypass vulnerability together with another vulnerability, such as a remote code execution vulnerability, to take advantage of the ASLR bypass to run arbitrary code.

Summary

Microsoft has released security bulletin MS14-057. Learn more about how to obtain the fixes that are included in this security bulletin:

For individual, small business, and organizational users, use the Windows automatic updating feature to install the fixes from Microsoft Update. To do this, see Get security updates automatically on the Microsoft Safety and Security Center website.

More Information

More information about this update

The following articles contain additional information about this update as it relates to individual product versions. The articles may contain specific information to the individual updates such as a download URL, prerequisites, and command-line switches.